.IP
When \fB\-\-pidfile\fR is not specified, this option has no effect.
.
-.TP
-\fB\-\-detach\fR
-Causes \fB\*(PN\fR to detach itself from the foreground session and
-run as a background process. \*(DD
+.IP \fB\-\-detach\fR
+Runs \fB\*(PN\fR as a background process. The process forks, and in
+the child it starts a new session, closes the standard file
+descriptors (which has the side effect of disabling logging to the
+console), and changes its current directory to the root (unless
+\fB\-\-no\-chdir\fR is specified). After the child completes its
+initialization, the parent exits. \*(DD
.
.TP
\fB\-\-monitor\fR
.
.TP
\fB\-\-user\fR
-Causes \fB\*(PN\fR to run as a non root user specified in "user:group", thus
-dropping all root privileges. Short forms "user" and ":group" are also
+Causes \fB\*(PN\fR to run as a different user specified in "user:group", thus
+dropping most of the root privileges. Short forms "user" and ":group" are also
allowed, with current user or group are assumed respectively. Only daemons
started by the root user accepts this argument.
.IP
On Linux, daemons will be granted CAP_IPC_LOCK and CAP_NET_BIND_SERVICES
before dropping root privileges. Daemons interact with datapath,
such as ovs-vswitchd, will be granted two additional capabilities, namely
-CAP_NET_ADMIN and CAP_NET_RAW.
+CAP_NET_ADMIN and CAP_NET_RAW. The capability change will apply even if
+new user is "root".
.IP
On Windows, this option is not currently supported. For security reasons,
specifying this option will cause the daemon process not to start.